Islam Mostafa
Technical Digital Forensics Team Lead
EG | CERT
Islam Mostafa is a Sr. Digital Forensics Engineer at EG-CERT. Islam combines DFIR, OSINT, and threat intelligence to turn digital evidence into actionable intelligence for complex cybercrime cases. Islam has 5 years of experience and has been a Black Hat MEA speaker since 2023.
Speaker sessions
D3FEND: Hardening & Detecting Anti-Forensics
Adversaries are getting better at covering their tracks. Anti-forensic techniques (AFTs) are now regular parts of post-exploitation toolkits. Their goal is simple: disrupt investigations, erase evidence, and delay detection. When successful, these techniques can leave defenders blind — especially when the right controls and detection mechanisms aren’t in place.
In last year’s session, we explored how attackers use AFTs across each phase of the cyber kill chain and how forensic analysts can identify signs of tampering. This year, we’re turning the tables. Instead of focusing on how attackers erase their footprints, we’re focusing on how defenders can prevent it from working in the first place.
This talk introduces MITRE D3FEND as a powerful framework to harden forensic visibility and counter anti-forensic techniques. Through the lens of digital forensics, we’ll map AFTs to specific D3FEND countermeasures and discuss how these can be implemented in real environments. Using practical case studies, we’ll walk through how blue teams can detect artifact tampering, recover critical visibility, and make their systems more resilient to adversary manipulation.
- 13:00
- Wed
- 03 Dec
Stage: Briefings 2
Sessions Type: Presentation